Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

Upgrade & Maintenance

Upgrade & Maintenance

Software Upgrade

Context

The device software includes BootROM software and system
software. After the AR is powered on, it runs the BootROM software
to initialize the hardware and display hardware parameters. Then the
device runs the system software. The system software provides drivers
and adaptation functions for hardware, and offers services features.
The BootROM software and system software are mandatory for device
startup and operation, providing support, management, and services
for the AR.

NOTE:

The BootROM software is included
in the system software package (.cc) of the AR. The BootROM software is automatically upgraded
during system software upgrade.

Procedure

Click to select
the system software or patch file that you want to upload, as shown in Figure 1-151.

Figure 1-151 Software upgrade

Click Load to upload the system
software or patch file to the AR. The uploaded system software or
patch file is specified for the next startup.

After you restart the AR, the specified system software or
patch file will take effect.

License Expansion

Context

A license is used to authorize users to obtain software
functions by feature, version, capacity, or usage time. A license
contains a license file (*.dat) and a license authorization certificate.

You can obtain a license authorization certificate after purchasing
or renewing a license. You need to apply for a license file to use
functions controlled by the license. Only one license file is generated
on a device even if you have purchased multiple licenses. The license
file is bound to the Equipment Serial Number (ESN). That is, a license
file is unique and corresponds to only one device.

Equipment Serial Number(ESN): Log in to the web platform, select Maintenance, and select Device Information. Then the ESN can be obtained from Equipment serial number of Device Information.

Agents or end users can use Huawei license management system
(ESDP) to obtain the license file.

NOTE:

Visit the
Huawei license management system (ESDP) at http://app.huawei.com/isdp.

You need to activate licenses in either of the following
situations: You need to apply for and purchase the license to obtain
authorization of corresponding functions when purchasing a new device.
You need to re-apply for, upgrade, and activate a license file to
obtain new functions and resources due to service development although
the license file has been activated on the device.

Procedure

Click on the Load License page to select the license file to be uploaded, as shown in Figure 1-153.

Figure 1-153 Uploading the license

Click Load to load the current license
file.

You can view the status, and controlled resources and authorization
of the current license on the License Information page. Table 1-60 describes
parameters on the License Information page.

Table 1-60 Description of parameters on the License Information page

Parameter

Description

License Status

not activated: It is the default status. No license
is activated or a license expires after system startup.

Normal: A correct commercial license is activated.

not activated: The license that does not match the ESN is activated or a license
expires and enters the grace period.

not activated: A
temporary license is activated normally.

not activated: The system is free from license control and runs with with the
maximum configurations of dynamic resources. This status lasts a maximum
of seven days. Then the system returns to the original status.

Control Resource

Resources controlled by the license.

Authorization Information

Detailed authorization information of resources controlled
by the license.

Signature File Loading

Context

A signature database consists of an intrusion prevention
system (IPS) signature database, and is upgraded to identify the latest intrusions.

The IPS signature
database is the basis for detecting intrusions. It contains predefined
IPS signatures. IPS signatures are used to describe features of intrusion
behavior on networks. The device compares packet contents with IPS
signatures for detection and attack defense. If a data flow matches
the features in a signature, the device processes the data flow based
on the signature action.

The IPS signature database on the security
center platform is updated in real time. You can continuously obtain
new intrusion prevention versions from the security center platform
to update the signature database after purchasing a license. You can
upgrade the signature database through the security center platform
or locally.

Upgrade through the security center platform: The platform is
a server deployed by Huawei. You need to purchase an upgrade license.
The domain name of the security center platform is sec.huawei.com.
If the device can access the security center platform, you can upgrade
the device online through the security center platform.

Local upgrade: When the device cannot be connected to the security
center platform through the network, you can log in to the security
center platform to download the latest IPS signature database upgrade
package, save the package to a local PC, and then upload the upgrade
file to the device through web to upgrade the IPS signature database.

Local Service Settings

Context

FTP applies to scenarios where high network security is
not required in file transmission, and is widely used in version upgrade.

NOTE:

FTP brings in security risks; therefore, SFTP
is recommended.

Telnet is an application layer protocol
in the TCP/IP protocol suite and provides remote login and virtual
terminal functions. The server/client model is used. The Telnet client
sends a request to the Telnet server, and the Telnet server provides
the Telnet service.

HTTPS: After HTTPS is enabled on the AR used as a web server,
configure terminals to connect to the AR through HTTPS to implement
remote configuration and management.

Web service timeout: If
no operation is performed in the specified duration and you attempt
to perform an operation again, the system displays a message indicating
login timeout. You need to log in again. By default, the value is
10 minutes.

Procedure

Configure service management.

Choose Maintenance > Upgrade&Maintenance > Local Service Settings, as shown in Figure 1-161.

Figure 1-161 Local Service Settings page

Select ON or OFF of FTP service to enable
or disable the FTP service.

Select ON or OFF of Telnet service to enable
or disable the Telnet service.

Select ON or OFF of SFTP service to enable
or disable the SFTP service.

Select ON or OFF of STelnet service to enable
or disable the STelnet service.

Select check boxes of multiple entries or the check box in the
table header for selecting all entries.

Click Delete in Remotely Trusted
Host List to delete a trusted host.

System Time Settings

Context

To ensure communication between the AR and other devices,
correctly set the system time either by enabling automatic synchronization
between the AR and the NTP server or manually. The first method is
recommended.

Procedure

Enable automatic synchronization.

Choose Maintenance > Upgrade&Maintenance > System Time
Settings, as shown in Figure 1-163.

Figure 1-163 Automatic Synchronization page

In Set Date and Time, select Automatic Synchronization.

In NTP server 1, enter the IP address of NTP server 1.

(Optional) In NTP server 2, enter the IP address of NTP server 2.

Click Apply.

In the displayed Confirm dialog box, click OK.

NOTE:

The web platform supports two NTP servers.
The system selects an NTP server based on the stratum of the master
clock of the NTP servers. For example, if NTP server 1 has a higher
stratum of the master clock than that of NTP server 2, the AR synchronizes
the system time with NTP server 1.

If the AR has a higher stratum
of the master clock than those of NTP servers 1 and 2, the AR does
not synchronize the system time with the NTP servers.

Set the system time manually.

Choose Maintenance > Upgrade&Maintenance > System Time
Settings.

In Set Date and Time, select Manual Setting, as shown in Figure 1-164.

Figure 1-164 Manual Setting page

In Date and time, click the configuration button to select a date and
time.

In Time zone, select a time zone from the drop-down list box.

Click Apply.

In the displayed Confirm dialog box, click OK.

Configuring the Device on Controller

Context

An AR can be connected to the Controller, which can be
the Huawei public cloud or a third-party controller.

Procedure

Enter the Controller address (domain name or IP address) and port
number.Figure 1-165 shows the Controller
setting page. Table 1-62 describes the parameters.
If the AR is connected to the Huawei public cloud, enter the domain
name device-naas.huawei.com and port number 10020. If the AR is connected
to a third-party controller, enter the domain name and port number
of the third-party controller.

Figure 1-165 Controller setting page

Table 1-62 Parameter description

Parameter

Description

Value

Agile Controller address (domain name/IP)

Specifies the domain name or IP address of the Controller.

Controller domain name: The value is a string of 1 to 128 case-sensitive
characters without spaces.

NOTE:

In a domain name (for
example, www.controller.com), the string between two dots must have
1-63 characters. The first character cannot be a hyphen and the last
character cannot be an underline or hyphen.

Controller IP address: The value is in dotted decimal notation.

Port

Specifies the port number matching the controller's domain
name/IP address.

(Optional) Import certificates. An AR has a certificate loaded
before delivery. If the certificate expires or does not match the
device ESN, replace the certificate.

In the Current Certificate Information area, as shown in Figure 1-166, click Import to display the certificate import page, as shown in Figure 1-167.

Figure 1-166 Current Certificate Information

Figure 1-167 Import Certificate

There are two types of certificates: CA certificate and local
certificate. A CA certificate is the CA's own certificate. A local
certificate is issued by the CA to the applicant. The local certificate
is verified by the CA certificate.

The encryption key and confirm key cannot be empty. The key is
a string of 1 to 32 characters without spaces.

The encryption key and confirm key must be the same; otherwise,
an error message is displayed.

Click to select the local certificate file
that you want to upload.

NOTE:

The local certificate file
is in the format *.pem or *.p12, and the file name is a string of
1 to 64 case-sensitive characters. Special characters and spaces are
not supported.

Select a certificate file and click OK. In the displayed
dialog box, click OK. The local certificate file is uploaded
and installed.

After the certificate is imported, the certificate information
is displayed in the Current Certificate Information area, including
certificate type, status, version, sequence number, vendor, issuer,
and subject.

(Optional) Restore the certificate loaded before delivery.

Click Restore Factory Certificate in the Current Certificate
Information area. A dialog box is displayed to ask you whether
to restore the certificate, as shown in Figure 1-169.